alexei.dolgolyov
ea55d31177
Build / build (push) Successful in 10m43s
Two-stage feature arc closing the gaps left by the hard legacy cutover.
The static-site creation wizard regains its auto-discovery + connection-test
flow; /apps/[id] grows the runtime/storage/lifecycle surface the legacy
/sites/[id] page used to expose.
Backend (Go)
- internal/api/discovery.go: six admin-gated endpoints wrapping
staticsite.GitProvider — POST /api/discovery/git/{detect-provider,
test-connection,repos,branches,tree} + GET /api/discovery/image/conflicts.
Identifier validation (validateGitIdent / validateGitBranch) at the
boundary so provider URL interpolation cannot be hijacked via `..`.
Upstream errors scrubbed: detailed slog on the server, generic 502 to
the client (mitigates token-reflection-in-error-page).
- internal/api/workload_runtime.go: four endpoints —
GET /api/workloads/{id}/runtime-state decodes containers.extra_json for
static workloads; GET /api/workloads/{id}/storage execs `du -sb /app/data`
with a 30s in-process cache (storageProbeCache) so polling can't turn
into per-request execs; POST /api/workloads/{id}/{stop,start} iterate
ListContainersByWorkload and call docker.StopContainer / StartContainer,
returning 200 / 409 (nothing to act on) / 502 (all failed).
- internal/staticsite/safehttp.go: NewSafeHTTPClient + ValidateBaseURL +
blockReason. DialContext re-resolves hostnames and refuses loopback /
link-local / multicast / unspecified addresses. RFC1918 + ULA explicitly
allowed (self-hosted Gitea on LAN is the dominant deployment).
Replaced four raw &http.Client{} constructions in the provider files.
- internal/staticsite/gitlab_provider.go: url.PathEscape each segment in
the raw-file URL builder for parity with projectPath().
- Test coverage: 26 cases in discovery_test.go (image-tag stripping,
source-config decoding, conflict scenarios, validator boundaries,
scheme rejection), 14 in workload_runtime_test.go (404 / 409 / nil-docker
/ probe-cache), 16 in safehttp_test.go (URL validation + block-reason
policy matrix + live dial against loopback + AWS metadata literals).
Frontend (Svelte 5 + runes)
- web/src/lib/api.ts: typed wrappers for every endpoint, AbortSignal
threaded through post(); ApiError exported so callers can narrow on
e.status; new DetectedGitProvider narrow union.
- web/src/routes/apps/new/+page.svelte: static-form discovery controls
(auto-detect provider, test connection, repo / branch / folder
EntityPickers, Deno auto-detect); image-form conflict panel with
debounced lookup + double-click submit guard ("Forge anyway") + Inspect
button that pre-fills port/healthcheck; English error fallbacks routed
through apps.new.errors.* (en + ru).
- web/src/routes/apps/[id]/+page.svelte: runtime-state panel + storage
panel + Stop / Start / Open-site toolbar; universal live-state badge
in the hero lede for image/compose/static (RUNNING / TRANSITIONING /
STOPPED / NOT DEPLOYED / MIXED · n/m RUNNING); ContainerStats panel
per row (auto-collapsing native <details> when N > 2); read-only
webhook bindings summary card; responsive toolbar overflow with native
<details> at <640px (z-index 100 above sticky nav).
- web/src/app.css: project-wide .forge-btn-ghost:focus-visible outline.
Hardening from go-reviewer + security-reviewer + typescript-reviewer +
frontend-design UI/UX subagents (0 CRITICAL, all HIGH/BLOCKER addressed
inline, IMPORTANT applied before commit):
- AbortController + per-call sequence tokens on every long-running
fetch (loadRuntimeState / loadStorage / loadTriggerMeta / inspectImage /
listImageConflicts) plus onDestroy cleanup so late resolves cannot
mutate dead component state.
- doStop / doStart snapshot and restore `error` across the finally-block
reload so a load()-cleared message doesn't hide a real failure.
- triggersById refreshed after inline trigger creation so the webhook
card doesn't silently exclude the just-created trigger.
- Live-state badge wraps in role=status / aria-live=polite (no redundant
aria-label).
- Webhook row has a single click target (was two pointing at the same URL).
- Empty webhook section hides entirely.
- Dropped role=menu / role=menuitem from the overflow menu (they would
promise arrow-key nav we don't wire; native Tab + ESC carry it).
Doc
- docs/CODEMAPS/INDEX.md + new docs/CODEMAPS/discovery-and-runtime.md
map the endpoint surface, security posture, frontend integration
patterns, and an "add a new probe" recipe.
Verification
- svelte-check: 0 errors, 3 pre-existing a11y warnings.
- go build + go vet + go test ./...: all green.
- i18n parity: en + ru at 1413 keys each.
- Live smoke against :8090: 404 / 409 / 502 envelopes correct, discovery
sanity passes, ProbeError surfaces on no-container path.
Tinyforge
Self-hosted deployment platform with a web dashboard. Deploy Docker containers from registries with zero-downtime blue-green strategy, host static sites and Deno APIs directly from Git repositories, and manage reverse proxy configuration — all from a single binary.
Features
Container Deployments
- Registry polling and webhook receiver for automatic deployments
- Blue-green deploys with health checks and automatic rollback
- Multi-stage projects (dev, staging, prod) with tag pattern matching
- Real-time deploy logs via SSE streaming
Static Sites
Deploy static sites and Deno-powered APIs directly from Git repositories:
- Git providers: Gitea/Forgejo, GitHub, and GitLab (public and private repos)
- Static mode: Serves HTML/CSS/JS via nginx container
- Deno mode: Full-stack with TypeScript API backend + static frontend — API routes are auto-discovered from
/apifolder using a naming convention (API_get_users,API_post_items, etc.) - Markdown rendering: Optionally converts
.mdfiles to styled HTML - Branch & folder picker: Select any branch and subfolder as the deployment root
- Auto-sync: Trigger redeployment on push or tag events, or manually
- Per-site secrets: Encrypted environment variables injected at runtime
Infrastructure
- NPM / Traefik integration for automatic reverse proxy and SSL configuration
- Cloudflare DNS sync for automatic DNS record management
- Volume management: Create, browse, upload, and download Docker volumes
- Stale container cleanup: Detect and remove unused containers
- Image management: List and prune unused Docker images
- Database backups: Scheduled and manual backups with one-click restore
- Config export/import: YAML-based seed configuration for reproducible setups
Auth & Security
- Local auth with bcrypt password hashing
- OIDC/SSO support for single sign-on
- Encrypted credential storage (AES-256-GCM)
- Role-based access: Admin and user roles
Prerequisites
- Docker with Docker Compose
- A Docker network for deployed containers (e.g.
staging-net) - Nginx Proxy Manager (optional, for automatic proxy configuration)
- Wildcard DNS pointing to your server (for subdomain-based routing)
Quick Start
-
Create the Docker network (containers will be attached to this):
docker network create staging-net -
Create a
.envfile (see.env.example):cp .env.example .env # Edit .env and set ENCRYPTION_KEY and ADMIN_PASSWORD # Generate a key: openssl rand -hex 32 -
Start Tinyforge:
docker compose up -d -
Open the dashboard at
http://localhost:8080and log in withadmin/ yourADMIN_PASSWORD.
Configuration
Environment Variables
| Variable | Required | Description |
|---|---|---|
ENCRYPTION_KEY |
Yes | AES-256 key for encrypting stored credentials. Use openssl rand -hex 32 |
ADMIN_PASSWORD |
Yes (first launch) | Password for the default admin user |
SEED_FILE |
No | Path to YAML seed config (default: ./tinyforge.yaml) |
DATA_DIR |
No | SQLite database directory (default: ./data) |
LISTEN_ADDR |
No | HTTP listen address (default: :8080) |
NPM_URL |
No | Override NPM API URL (otherwise uses value from settings) |
POLLING_INTERVAL |
No | Registry polling interval, Go duration string e.g. 5m (default from settings) |
Seed Config
On first launch, Tinyforge imports a YAML seed file to pre-configure registries, projects, and settings. See tinyforge.example.yaml for the full format.
Webhook Integration
After setup, find your webhook URL at Settings > Webhook URL in the dashboard. Configure your CI/CD (Gitea Actions, GitHub Actions) to POST to this URL on image push:
curl -X POST https://your-domain/api/webhook/<secret> \
-H "Content-Type: application/json" \
-d '{"image": "registry.example.com/org/app:v1.2.3"}'
OIDC Setup
- Go to Settings > Auth in the dashboard
- Switch auth mode to OIDC
- Enter your provider's Issuer URL, Client ID, and Client Secret
- Set the Redirect URL to
https://your-domain/api/auth/oidc/callback
Development
# Build frontend
cd web && npm install && npm run build && cd ..
# Run backend (requires ENCRYPTION_KEY and ADMIN_PASSWORD env vars)
go run ./cmd/server
# Or use Make
make build
make dev
Architecture
CI/Registry --> Webhook/Poller --> Deployer --> Docker + NPM
|
Git Repo ----> Static Sites -------> Docker + NPM
|
Event Bus --> SSE --> Web Dashboard
- Backend: Go 1.24, chi router, SQLite (pure Go), Docker SDK
- Frontend: SvelteKit 2, Tailwind CSS 4, TypeScript
- Deployment: Single binary with embedded SPA, multi-stage Dockerfile